Chapter 5: Maintaining system security

Table of contents

• Chapter 5: Maintaining system security
  • Understanding system security
    • Physical security
    • Trusted system concepts
    • Security in a networked environment
  • Administering a trusted system
    • Assigning administrative roles and system privileges
    • Controlling system access
    • Logging out idle users (non-graphical sessions only)
    • Restricting root logins to a specific device
    • Using auditing on your system
  • Protecting the data on your system
    • SUID/SGID bits and security
    • SUID, SGID, and sticky bit clearing on writes
    • The sticky bit and directories
    • Data encryption
    • Imported data
    • Terminal escape sequences
  • Creating account and login activity reports
    • Reporting password status
    • Creating an account summary
    • Reporting terminal access status
    • Reporting user login activity
    • Reporting terminal login activity
    • Logging unsuccessful login attempts
  • Detecting system tampering
    • Stolen passwords
    • Abuse of system privileges
    • Unsupervised physical access to the computer
  • Dealing with filesystem and database corruption
    • The authentication database files
    • Checking the system after a crash
    • Using the override terminal
    • Automatic database checking and recovery: tcbck(ADM)
    • Database consistency checking: authck(ADM) and addxusers(ADM)
    • System file integrity checking: integrity(ADM)
    • System file permission repair: fixmog(ADM)
  • Understanding how trusted features affect programs
    • LUID enforcement
    • stopio(S) on devices
    • Privileges
    • Sticky directories
  • Disabling C2 features
  • Troubleshooting system security
    • Account is disabled -- see Account Administrator
    • Account is disabled but console login is allowed Terminal is disabled but root login is allowed
    • Audit: filesystem is getting full
    • Authentication database contains an inconsistency
    • Can't rewrite terminal control entry for tty Authentication error; see Account Administrator
    • Cannot access terminal control database entry
    • Cannot obtain database information on this terminal
    • Login incorrect
    • login: resource Authorization name file could not be allocated due to: cannot open;
    • Terminal is disabled -- see Account Administrator
    • You do not have authorization to run ...
    • Unable to remove files